Privacy Policy
Last updated: March 2026
1. Data Controller
The data controller for this service is:
[Company Name]
[Company Address]
Company Registration Number: [Company Registration Number]
Data Protection Contact: mattiomc@gmail.com
This privacy policy explains how MorpheusFlow Streetworks ("the Service") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
We collect and process the following personal data:
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Account identification, login, communication |
| Display name | Account registration | Personalisation within the Service |
| Password (hashed) | Account registration | Authentication — stored only as a cryptographic hash, never in plain text |
| IP address | Each request to the Service | Security monitoring, audit logging, abuse prevention |
| Login timestamps | Each authentication event | Security auditing, session management |
We do not collect any special category data (as defined by Article 9 of the UK GDPR).
3. Why We Process Your Data
We process your personal data for the following purposes:
- Account management — to create and maintain your user account, authenticate your identity, and manage your access to the Service.
- Service provision — to provide the traffic dispersal modelling functionality of the platform.
- Security — to detect and prevent unauthorised access, fraud, and other malicious activity through audit logging and monitoring.
4. Lawful Basis for Processing
We rely on the following lawful bases under Article 6 of the UK GDPR:
- Consent (Article 6(1)(a)) — when you voluntarily register for an account and provide your personal data. You may withdraw consent at any time by deleting your account.
- Legitimate interests (Article 6(1)(f)) — for security monitoring, audit logging, and abuse prevention. Our legitimate interest is to maintain the security and integrity of the Service. We have assessed that this processing does not override your rights and freedoms.
- Contract performance (Article 6(1)(b)) — processing necessary to provide the Service to you as set out in our Terms of Service.
5. Data Retention
- Account data (email, display name, hashed password) — retained until you request deletion of your account.
- Audit logs (IP addresses, login timestamps) — retained for 12 months from the date of collection, then automatically purged.
- Scenario data (traffic models you create) — retained until you delete them or your account is closed.
6. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete personal data.
- Right to erasure — request deletion of your personal data (you can also delete your account directly through the Service).
- Right to data portability — request a machine-readable copy of your personal data.
- Right to object — object to processing based on legitimate interests.
- Right to restrict processing — request that we limit how we use your data in certain circumstances.
To exercise any of these rights, contact us at mattiomc@gmail.com. We will respond within one month of receiving your request.
7. Third Parties
We share data with or rely on the following third-party services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stadia Maps | Map tile rendering | Your IP address and browser metadata are sent to Stadia Maps servers when map tiles are loaded. See Stadia Maps Privacy Policy. |
| Linode / Akamai | Hosting (UK data centre) | All Service data is stored on Linode/Akamai infrastructure within the United Kingdom. |
We do not sell, rent, or trade your personal data to any third party.
8. International Transfers
All Service data is hosted within the United Kingdom. We do not transfer your personal data outside the UK.
Third-party map tile requests to Stadia Maps may be routed through servers in other jurisdictions. This is limited to your IP address and standard HTTP request metadata, and is governed by Stadia Maps' own privacy policy.
9. Cookies and Local Storage
The Service uses browser localStorage rather than traditional cookies. Specifically:
- Authentication tokens — stored in localStorage to maintain your login session. These are strictly necessary for the Service to function and do not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR).
- User profile data — a cached copy of your display name and email for the user interface.
Third-party map tile requests to Stadia Maps may set cookies in your browser. These are governed by Stadia Maps' cookie policy.
For full details, see our Cookie & Storage Policy.
10. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data in transit
- Passwords stored using cryptographic hashing (never in plain text)
- JWT-based authentication with token expiry and refresh mechanisms
- Access controls limiting who can view audit logs and account data
11. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
We would appreciate the opportunity to resolve your concern before you contact the ICO. Please reach out to us at mattiomc@gmail.com first.
12. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. If we make significant changes, we will notify you through the Service.